Overview
A port interrupted with unauthorized mac-address or invalid user is blocked and goes to nonresponding status. The disable timer starts after intrusion detection when the port is in nonresponding state. The port security auto recovery feature allows the interface or port to automatically come up after the timer expires. Static, configured, port-access learn mode, and limited continuous modes can be configured with disable timer.
NOTE:
- If you configure the value of
disable-timer
as zero, the timer is disabled. - In continuous mode, the
send-disable
action cannot be configured, and you cannot set the disable timer. - When
port-security
is enabled with MAC, LOCAL-MAC, and dot1x, onlyport-access
learn mode must be enabled.
Prerequisites:
- Set the action for
disable-timer
tosend-disable
. - The
disable-timer
must be enabled manually by the user for the port.
Requirements:
- dot1x client
- mac client
- Switch
- Windows
Limitations:
- The
disable-timer
must be enabled manually by the user for the port. - If the port is nonfunctional, you cannot change the disable-timer value. You can configure the
disable-timer
with value to zero. - You cannot execute the
port-securtiy <port-num> disable-timer<Value>
command, if the port goes to nonresponding state.